Search form

You are here

Ten Year Old Wows Hacking Convention

by John Lister on August, 8 2011 at 08:08AM EDT

A ten-year-old has revealed a flaw in mobile-based video games that could potentially expose these devices to a security risk. The discovery came when the youngster got bored with the pace of farming games.

The self-described hacker, who has not revealed her real name and prefers to be known publicly as CyFi, had been playing games similar to Farmville, which allow players to set up virtual farms and often either compete or co-operate with online friends. However, partly for realism and partly to keep gamers playing, it can often take hours before planting virtual seeds leads to crops growing.

CyFi was frustrated by this and experimented with putting the clock on her cellphone forward in an attempt to trick the game into speeding up. Normally, games and devices should detect such activity, but she was able to get round this detection by switching off the wireless connection and only putting the clock forward a little bit at a time. (Source: cnet.com)

Full Scope of Problem Unclear

Although CyFi hasn't revealed the full details, it's possible this bug may allow people to get round time limits on digital products (such as newspaper subscriptions), or could even pose a security risk. However, that's purely speculation at this point.

The bug was revealed at the DEF CON security convention which, for the first time, is hosting a special children-only division this year. Among the events at the kids version is a contest to see which participant can find the most games with the a in 24 hours.

Responsible Disclosure Starts Young

As is standard practice at DEF CON, CyFi has not revealed which games are vulnerable, though she says they appear on both Apple and Android devices. Instead, she's giving manufacturers time to fix the problem before going into further detail, a policy dubbed "responsible disclosure" in the hacking community.

Indeed, CyFi's speech on the bug wasn't solely about how it worked, but also about the wider concept of zero days exploits -- bugs that hackers have discovered but manufacturers or developers aren't yet aware of -- and the risk that revealing such a bug can cause a race between developers and criminally-minded hackers. (Source: defconkids.org)